Conclusion first
MySQL Oracle since 5.7.33 doesn’t get any open source auditing solution
I have tried several options:
- Binary lib MAriaDB plugin server_audit into lib/mysql/plugin (MySQL Server don’t start)
- Compilation of AWS Audit plugin (Code missing code files)
- Compilation of MariaDB plugin server_audit from MySQL code source (API failure)
- Compilation of Percona plugin from MySQL code source (API failure)
- MacAffee Plugins (getting a lot of errors and warnings message in error log)
Create a VirtualBox with Vagrant
Useful links
- https://app.vagrantup.com/centos/boxes/7
- https://www.vagrantup.com/
- https://www.virtualbox.org/
Creating a Centos/7 virtual server
<code>$ vagrant init centos/7
...
$ vagrant up
...
$ vagrant ssh</code>
Prepare Virtual machine for MySQL 5.7
<code>$ sudo yum -y update
$ sudo rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
$ sudo yum localinstall https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm</code>
$ sudo poweroff
Install compilation environment
$ sudo yum group install -y 'Development Tools'
...
$ sudo yum install -y cmake ncurses-devel curl openssl-devel
...
Download MySQL 5.7.40 source code
$ mkdir mysql
$ cd mysql
$ curl -Ovk https://cdn.mysql.com/Downloads/MySQL-5.7/v
$ mkdir build
$tar xzf mysql-5.7.40.tar.gz
$ cd mysql-5.7.40
Adding code source from MySQL 5.7 AWS audit plugin
$ git cone https://github.com/aws/audit-plugin-for-mysql.git
$ git checkout -b mysql-5.7
Switched to a new branch 'mysql-5.7'
$ rsync -av plugin/server_audit ../mysql/mysql-5.7.40/plugin/
sending incremental file list
server_audit/
server_audit/CMakeLists.txt
server_audit/COPYING
server_audit/file_logger.cc
server_audit/server_audit.cc
server_audit/service_logger.h
sent 100,421 bytes received 115 bytes 201,072.00 bytes/sec
total size is 99,984 speedup is 0.99
Compile source MySQL code source with audit plugin
$ cmake . -DDOWNLOAD_BOOST=1 -DWITH_BOOST=$HOME/boost -DENABLE_DOWNLOADS=1
...
$ make
...
Compile source MySQL code source with audit plugin
$ cmake . -DDOWNLOAD_BOOST=1 -DWITH_BOOST=$HOME/boost -DENABLE_DOWNLOADS=1
...
$ make
...
MariaDB Audit plugin
Idea is downloading last MariaDB 10.6 and grab server_audit.so into MySQL plugin directory
But we are facing since last recent versions, troubles blocking MySQL server starting with this message indicating that
MacAffee MySQL plugin
- https://blog.pythian.com/auditing-mysql-users-mcafee-plugin/
- https://github.com/mcafee-enterprise/mysql-audit
- https://github.com/mcafee-enterprise/mysql-audit/releases/download/v1.1.13/audit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zip
- copy libaudit_plugin.so /usr/lib64/mysql/plugin
plugin-load=AUDIT=libaudit_plugin.so
audit_offsets= 7832, 7880, 3640, 4800, 456, 360, 0, 32, 64, 160, 544, 7996, 4368, 3648, 3656, 3660, 6080, 2072, 8, 7064, 7104, 7088, 13480, 148, 672, 0
audit_json_file=ON
audit_json_log_file=/var/log/mysql-audit.json
audit_record_cmds='connect,Failed Login,Quit'
plugin-load=AUDIT=libaudit_plugin.so
audit_record_cmds='connect,Quit,Failed Login,show,grant,truncate,drop,alter,trigger,grant,super,process,reload,shutdown,create_user,revoke'
Conclusion first
MySQL Oracle since 5.7.33 doesn’t get any open source auditing solution
I have tried several options:
- Binary lib MAriaDB plugin server_audit into lib/mysql/plugin (MySQL Server don’t start)
- Compilation of AWS Audit plugin (Code missing code files)
- Compilation of MariaDB plugin server_audit from MySQL code source (API failure)
- Compilation of Percona plugin from MySQL code source (API failure)
- MacAffee Plugins (getting a lot of errors and warnings message in error log)
Create a VirtualBox with Vagrant
Useful links
- https://app.vagrantup.com/centos/boxes/7
- https://www.vagrantup.com/
- https://www.virtualbox.org/
Creating a Centos/7 virtual server
<code>$ vagrant init centos/7
...
$ vagrant up
...
$ vagrant ssh</code>
Prepare Virtual machine for MySQL 5.7
<code>$ sudo yum -y update
$ sudo rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
$ sudo yum localinstall https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm</code>
$ sudo poweroff
Install compilation environment
$ sudo yum group install -y 'Development Tools'
...
$ sudo yum install -y cmake ncurses-devel curl openssl-devel
...
Download MySQL 5.7.40 source code
$ mkdir mysql
$ cd mysql
$ curl -Ovk https://cdn.mysql.com/Downloads/MySQL-5.7/v
$ mkdir build
$tar xzf mysql-5.7.40.tar.gz
$ cd mysql-5.7.40
Adding code source from MySQL 5.7 AWS audit plugin
$ git cone https://github.com/aws/audit-plugin-for-mysql.git
$ git checkout -b mysql-5.7
Switched to a new branch 'mysql-5.7'
$ rsync -av plugin/server_audit ../mysql/mysql-5.7.40/plugin/
sending incremental file list
server_audit/
server_audit/CMakeLists.txt
server_audit/COPYING
server_audit/file_logger.cc
server_audit/server_audit.cc
server_audit/service_logger.h
sent 100,421 bytes received 115 bytes 201,072.00 bytes/sec
total size is 99,984 speedup is 0.99
Compile source MySQL code source with audit plugin
$ cmake . -DDOWNLOAD_BOOST=1 -DWITH_BOOST=$HOME/boost -DENABLE_DOWNLOADS=1
...
$ make
...
Compile source MySQL code source with audit plugin
$ cmake . -DDOWNLOAD_BOOST=1 -DWITH_BOOST=$HOME/boost -DENABLE_DOWNLOADS=1
...
$ make
...
MariaDB Audit plugin
Idea is downloading last MariaDB 10.6 and grab server_audit.so into MySQL plugin directory
But we are facing since last recent versions, troubles blocking MySQL server starting with this message indicating that
MacAffee MySQL plugin
- https://blog.pythian.com/auditing-mysql-users-mcafee-plugin/
- https://github.com/mcafee-enterprise/mysql-audit
- https://github.com/mcafee-enterprise/mysql-audit/releases/download/v1.1.13/audit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zip
- copy libaudit_plugin.so /usr/lib64/mysql/plugin
plugin-load=AUDIT=libaudit_plugin.so
audit_offsets= 7832, 7880, 3640, 4800, 456, 360, 0, 32, 64, 160, 544, 7996, 4368, 3648, 3656, 3660, 6080, 2072, 8, 7064, 7104, 7088, 13480, 148, 672, 0
audit_json_file=ON
audit_json_log_file=/var/log/mysql-audit.json
audit_record_cmds='connect,Failed Login,Quit'
plugin-load=AUDIT=libaudit_plugin.so
audit_record_cmds='connect,Quit,Failed Login,show,grant,truncate,drop,alter,trigger,grant,super,process,reload,shutdown,create_user,revoke'